Interop Service — Service Risk Register

Status: populated Owner: TBD Last updated: 2026-04-18 Companion: Service Template · 03 platform-services · 02 DDD

---

1. Risk Register

ID	Risk	Likelihood	Impact	Owner	Mitigation	Status
RISK-INTEROP-001	HL7 v2 sender sends messages in non-standard format	High	High	Integration team	Flexible parser with configurable segment overrides; raw message stored for replay after mapping fix	Open
RISK-INTEROP-002	ABAC service unavailable → fail-open risk	Low	Critical	Security	Fail-safe default: deny when ABAC unavailable; separate alert for ABAC outage	Open
RISK-INTEROP-003	FHIR routing table misconfiguration silently drops requests	Medium	High	Engineering	FHIR routing rule uniqueness constraint; integration tests for all resource types; routing table reviewed in readiness gate	Open
RISK-INTEROP-004	AFG-Core profile version drift (MoPH update)	Medium	High	Clinical informatics	Profile version pinned; change management process for profile updates; validation mode configurable	Open
RISK-INTEROP-005	HL7 DLQ accumulation causes data gap for external systems	Medium	High	SRE	Alert on any dead-lettered message; integration admin reprocess workflow; SLA for DLQ resolution	Open
RISK-INTEROP-006	Bulk export performance degradation at scale	Medium	Medium	Engineering	Background export worker; pagination of service queries; MinIO streaming write; resource-type parallelism	Open
RISK-INTEROP-007	MLLP port exposed without TLS in development	Low	High	Security	TLS enforced by default; dev-mode TLS with self-signed cert; production rejects non-TLS connections	Open
RISK-INTEROP-008	Cross-tenant FHIR data leakage via fan-out merge	Very Low	Critical	Engineering	tenantId injected into all fan-out requests; owning services enforce RLS; tenant-isolation.spec.ts	Open
RISK-INTEROP-009	Third-party EMR coexistence breaks on EMR upgrade	Medium	Medium	Integration team	Adapter versioning; EMR change communication process; regression test suite per partner	Open